One of the biggest hurdles to overcome in setting up a security program is, and will forever be, money. People believe this myth that having a security program means that they have to break the bank, but that’s not the case. There are so many things that organizations can be doing to run more securely, at no cost.
To get the ball rolling on your securing your business, you should first run some tests. Risk assessments and vulnerability scans can help determine where the organization is most exposed. Testing employees on security best practices will give you a general idea of where their basic security knowledge lies.
Turn on Free Tools You Already Have
Mac and Windows PCs and laptops have security tools built into them. They are often times not automatically turned on but the process of turning them on isn’t difficult. Also, CRM softwares like Salesforce and Hubspot have security tools that are free to use.
Research New Security Tools
There are so many free tools at the tips of your fingers. A quick search will lead you to antivirus programs or VPNs. But first, get an understanding of what kind of data the organization will be storing, This will help you to determine which tools you need. While the free tools may not be as strong as the paid versions, they are better than having no security at all.
Train Your Staff
We’ve talked in the past about how employees can be the weakest link when it comes to security. A large percentage of breaches happen because people are easily deceived by phishing attacks. There are plenty of resources out there (YouTube) that can be helpful you raise your team’s awareness of phishing and social engineering.
Implement Security Policies
Security policies will be helpful in guiding your team through the organization's guidelines. If there are no policies in place right now, you can start with a simple set (for free!) As your company grows over time, the policies will be able to be expanded upon.
Leadership Takes it Seriously
Having a team that cares about information security is easier to do when management is actively displaying that they are about it as well. If the CEO is not following through on policies then the rest of the team is going to slack off as well. Leaders must prove to their team that this is a serious issue.
Here is a list of free tools that our security experts have approved:
HPI Identity Leak
Phishing Test Google/Jigsaw
How Secure Is My Password?
Facebook Security Checkup
Google Security Checkup
Graylog Open Source